Safari – XMLHttpRequest cannot load X due to access control checks. [Inspector]

The situation:

Whenever you visit this URL in Safari https://nvm.samengroen.com/plan/basic/497 and look in the console there are errors regarding XMLHttpRequest and access control checks.

The strange part is, when I have the Developer Tool open and reload the page it works fine.

Can someone clarify why it does work with Developer Tools opened. And what may be causing this issue.

Information:

This project consists of an Angular frontend (nvm.samengroen.com) and an API-Platform Symfony backend (broker-api.samengroen.com). They both are on the same wildcard SSL certificate, which I’ve found might be the answer, but logging in and viewing other pages which get data from the API works without any problem.

We also tried this in the .env file, without any result:

###> nelmio/cors-bundle ###
CORS_ALLOW_ORIGIN=^https?://.*?$
###< nelmio/cors-bundle ###

My findings so far:

I’ve been googling around for a solution but can’t find a definitive answer.

https://laracasts.com/discuss/channels/laravel/cors-access-control-allow-origin-issues-on-safari-mobile-and-desktop

google tells me this would probably be because of a combination of

  • HTTP/2 capable browsers
  • multiple domain certificate (probably a wildcard cert)
  • at some point apache wants to renegotiate the TLS which is not supported in the client implementation of http/2

Safari 10.1: XMLHttpRequest with query parameters cannot load due to access control checks

Your server needs to reply to the OPTIONS http method. Not only to GET/POST/PUT/DELETE. Safari silently requests this hidden in the background. You can discover this with a MITM-attack on the connection

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *